12 matches found
Horde Framework Unserialize PHP Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
Horde Framework Unserialize PHP Code Execution (CVE-2014-1691)
An arbitrary PHP code execution vulnerability has been reported in Horde . An attacker can exploit this vulnerability to execute arbitrary code with the permissions of the web server...
CVE-2014-1691
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the formvars form...
CVE-2014-1691
CVE-2014-1691 affects Horde (
CVE-2014-1691
creationtimestamp| type| source ---|---|--- 2014-03-22 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32439 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/hordeunserializeexec.rb 2025-02-06 03:13:41+00:00|...
Horde Framework Unserialize PHP Code Execution
This Metasploit module exploits a php unserialize vulnerability in Horde versions 5.1.1 and below which could be abused to allow unauthenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize exists in the 'lib/Horde/Variables.php' file. The...
Horde Framework - Unserialize PHP Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde...
Horde Framework Unserialize PHP Code Execution
This module exploits a php unserialize vulnerability in Horde 'Horde Framework Unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Horde 'EgiX', Exploitation technique and Vulnerability discovery originally reported by the vendor 'juan...
[SECURITY] [DSA 2853-1] horde3 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2853-1 [email protected] http://www.debian.org/security/ Luciano Bello February 05, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2853-1] horde3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2853-1 [email protected] http://www.debian.org/security/ Luciano Bello February 05, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2853-1 (horde3 - remote code execution)
Pedro Ribeiro from Agile Information Security found a possible remote code execution on Horde3, a web application framework. Unsanitized variables are passed to the unserialize PHP function. A remote attacker could specially-craft one of those variables allowing her to load and execute code...
Debian: Security Advisory (DSA-2853-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...